Quote:Microsoft’s May Patch Tuesday release addressed a modest 55 cybersecurity vulnerabilities, including just four critical bugs. It’s the smallest monthly update from the computing giant since 2020, but it does contain a patch for a concerning wormable vulnerability found in the Windows OS.
The good news is that none of the vulnerabilities are being actively exploited in the wild, according to Microsoft, though three are listed as publicly known.
The fixes address security flaws across Microsoft Windows, .NET Core and Visual Studio, Internet Explorer (IE), Microsoft Office, SharePoint Server, Open-Source Software, Hyper-V, Skype for Business and Microsoft Lync, and Exchange Server. Besides the four critical bugs, 50 are rated “important” and one is moderate in severity.
Critical Microsoft Security Patches for May 2021
The critical bugs in this month’s Patch Tuesday release are:
- CVE-2021-31166: A wormable HTTP protocol-stack issue in Windows 10 and some versions of Windows Server allowing remote code-execution (RCE)
- CVE-2021-26419: A scripting-engine memory corruption vulnerability in Internet Explorer 11 and 9 allowing RCE
- CVE-2021-31194: An RCE bug in the Microsoft Windows Object Linking and Embedding (OLE) Automation
- CVE-2021-28476: An RCE vulnerability in Microsoft Windows Hyper-V
Read more: Wormable Windows Bug Opens Door to DoS, RCE | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
